CVE 8.8 HIGH

MaxKB has a Python sandbox LD_PRELOAD bypass_CVE-2025-66446

December 11, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.

AI Analysis

Improper file permissions in MaxKB allow attackers to overwrite critical files, potentially resulting in privilege escalation.

Basic Information

ID CVE-2025-66446

Source GitHub_M

Published Dec 11, 2025 at 21:47

Affected Product

Vendor 1Panel-dev

Product MaxKB

Version < 2.4.0

Affected Versions 1Panel-dev MaxKB < 2.4.0

CWE Classification

CWE-362

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor 1Panel-dev

Product MaxKB

Version 2.3.1 and below

References

{
    "lastseen": "",
    "description": "MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.",
    "published": "2025-12-11T21:47:22.479Z",
    "modified": "2025-12-11T21:47:22.479Z",
    "type": "cve",
    "title": "MaxKB has a Python sandbox LD_PRELOAD bypass",
    "source": "GitHub_M",
    "references": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xx2-3q9w-jpgf\nhttps://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0",
    "id": "CVE-2025-66446",
    "bulletinFamily": "",
    "cwe": [
        "CWE-362"
    ],
    "cvelist": null,
    "sourceData": "1Panel-dev MaxKB < 2.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MaxKB",
    "version": "< 2.4.0",
    "vendor": "1Panel-dev",
    "ai_description": "Improper file permissions in MaxKB allow attackers to overwrite critical files, potentially resulting in privilege escalation.",
    "ai_severity": "High",
    "ai_vendor": "1Panel-dev",
    "ai_product": "MaxKB",
    "ai_version": "2.3.1 and below",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply